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I. STATEMENT OF THE CASE 
Appellants appeal under 35 U.S.C. § 134(a) from the Examiner's final 
rejection of claims 1 through 9 and 14 through 28. Claims 10 through 13 
have been canceled. We have jurisdiction under 35 U.S.C. § 6(b). We 
reverse. 

Appellants ' Invention 
Appellants invented a method and system for selectively allowing a 
user to access desired resources within a network, wherein each resource is 
assigned to a security zone based on its security sensitivity. (Spec. 3, 11. 
5-19.) As depicted in Figure 2, upon receiving a request from the user to 
transmit a message to one of the resources on the network, a network 
administrator determines if the user is authorized to access the security zone 
associated with the requested resource. (Id. 13,11. 1-11.) The administrator 
subsequently forwards the message to the targeted resource if the user is 
authorized to access the security zone associated therewith. (Id. 19, 1. 27-20, 
1. 9.) 

Illustrative Claim 
Independent claim 1 further illustrates the invention. It reads as 
follows: 

1 . A method for selectively allowing access to a plurality of resources 
in a network, the method comprising: 
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receiving a request originated from a user of a multi-user system to 
transmit a message via the multi-user system over the network to one of the 
plurality of resources, wherein each of the plurality of resources has been 
assigned to one of a plurality of security zones based on a level of security 
sensitivity of the resource; 

identifying a one of the plurality of security zones that is associated 
with the one of the plurality of resources; 

determining if the user of the multi-user system is authorized access to 
the identified one of the plurality of security zones; and 

forwarding the message from the multi-user system over the network 
only if it is determined that the user is authorized access to the identified one 
of the plurality of security zones. 



Prior Art Relied Upon 
The Examiner relies on the following prior art as evidence of 
unpatentability: 

Jacobson US 5,548,649 Aug. 20, 1996 

Wallent US 6,366,912 Bl Apr. 2,2002 



Rejection on Appeal 
The Examiner rejects the claims on appeal as follows: 
Claims 1 through 9 and 14 through 28 stand rejected under 35 U.S.C. 

§ 103(a) as being unpatentable over the combination of Jacobson and 

Wallent. 
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Appellants ' Contentions 
Appellants argue that the combination of Jacobson and Wallent does 
not render independent claim 1 unpatentable. (App. Br. 6-14, Reply Br. 2- 
6.) Particularly, Appellants argue, inter alia, that Jacobson' s filter tables do 
not teach or suggest determining if a user is authorized to access an 
identified security zone associated with a resource to which a message is to 
be sent. (Id. App. Br. 10-1 1, Reply Br. 4-5.) Rather, the filtering is 
performed solely based on the protocol types or IP addresses, and it is not 
dependent upon whether a user is authorized to access a particular security 
zone. (Id.) 

Examiner 's Findings/Conclusions 
The Examiner disagrees with Appellants' above position. (Ans. 13.) 

II. ISSUE 

Have Appellants shown that the Examiner erred in concluding the 
ordinarily skilled artisan would have found that Jacobson' s disclosure 
teaches or suggests determining if a user is authorized to access an identified 
security zone associated with a resource to which a message is to be sent, as 
recited in independent claim 1 . 

III. FINDINGS OF FACT 
The following findings of fact (FF) are supported by a preponderance 
of the evidence. 
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Jacobson 

la. As shown in Figure 1, Jacobson discloses a local bridge (104- 

1) for facilitating encrypted communication between local hosts (102-1, 102- 

2) in a first zone (108-1) and remote hosts (102-3, 102-4, 102-5, 102-6, 102- 
7) in a second secure zone (108-2)/third secure zone (108-3) via remote 
bridges (104-2, 104-3) in a multi-user network. The bridges (104-1, 104-2, 
104-3) also facilitate un-encrypted communication between the local hosts in 
the first secure area and remote hosts (102-8, 1029, 102-10) in non-secure 
areas. (Col. 1, 11. 44-63, col. 3, 11. 49-65.) 

lb. As shown in Figures 2 and Figures 4a through 4c, the local 
bridge (104-1) contains a data packet forwarder (211) that reviews an IP 
address filter table 222 (decision block 428) in a library (216) to determine 
whether the data packet received from a host should be deleted. (Col. 6, 11. 
13-45, col. 6, 1. 66 -col. 7, 1. 18.) 

IV. PRINCIPLES OF LAW 
Obviousness 

Appellants have the burden on appeal to the Board to demonstrate 
error in the Examiner's position. See In re Kahn, 441 F.3d 977, 985-86 
(Fed. Cir. 2006) ("On appeal to the Board, an applicant can overcome a 
rejection [under § 103] by showing insufficient evidence of prima facie 
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obviousness or by rebutting the prima facie case with evidence of secondary 

indicia of nonobviousness.") (quoting In reRouffet, 149 F.3d 1350, 1355 

(Fed. Cir. 1998)). 

Section 103 forbids issuance of a patent when "the differences 
between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in 
the art to which said subject matter pertains." 

KSRInt'l Co. v. Teleflexlnc, 111 S. Ct. 1727, 1734 (2007). 

In KSR, the Supreme Court emphasized "the need for caution in 
granting a patent based on the combination of elements found in the prior 
art," and discussed circumstances in which a patent might be determined to 
be obvious. KSR, 127 S. Ct. at 1739 (citing Graham v. John Deere Co., 383 
U.S. 1, 12 (1966)). The Court reaffirmed principles based on its precedent 
that "[t]he combination of familiar elements according to known methods is 
likely to be obvious when it does no more than yield predictable results." Id. 
The operative question in this "functional approach" is thus "whether the 
improvement is more than the predictable use of prior art elements according 
to their established functions." Id. at 1740. 

The Federal Circuit recently recognized that "[a]n obviousness 
determination is not the result of a rigid formula disassociated from the 
consideration of the facts of a case. Indeed, the common sense of those 
skilled in the art demonstrates why some combinations would have been 
obvious where others would not." Leapfrog Enters., Inc. v. Fisher-Price, 
6 
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Inc., 485 F.3d 1157, 1161 (Fed. Cir. 2007) (citing £SK, 127 S. Ct. at 1739). 
The Federal Circuit relied in part on the fact that Leapfrog had presented no 
evidence that the inclusion of a reader in the combined device was "uniquely 
challenging or difficult for one of ordinary skill in the art" or "represented an 
unobvious step over the prior art." Id. at 1 162 (citing KSR, 127 S. Ct. at 
1741). 

V. ANALYSIS 

Independent claim 1 recites in relevant part determining if a user is 
authorized to access an identified security zone associated with a resource to 
which a message is to be sent. 

As set forth in the Findings of Facts section, Jacobson discloses a 
data packet forwarder that determines whether an IP source address 
associated with an incoming data packet should result in deletion of the data 
packet or further consideration for transmission to another host. (FF. lb.) 
We find that the cited disclosure of suggests, at best, that the data packet 
forwarder is capable of determining whether a data packet sent by a user, as 
identified by the IP source address, is to be deleted. Such determination 
disqualifies the user from accessing any security zone based solely upon the 
nature or the origin information provided in packet, and irrespective of the 
destination information designated therein. That is, Jacobson' s disclosure 
falls short of teaching or suggesting that the data packet forwarder 
determines whether the first host is allowed to access the particular security 
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zone associated with a destination location designated in the data packet. 
Therefore, we agree with Appellants that Jacobson does not teach 
determining whether a user is authorized to access an identified one of a 
plurality of security zones, as recited in claim 1 . 

. Since we agree with at least one of the arguments advanced by 
Appellants in the Briefs, we need not reach the merits of Appellants' other 
arguments. It follows that Appellants have shown that the Examiner erred in 
finding that the combination of Jacobson and Wallent renders independent 
claim 1 unpatentable. 

For these same reasons, we also find that Jacobson does not teach a 
second data structure that specifies the respective security zones to which a 
plurality of users may have access, as recited in independent claim 25. 

Because claims 2 through 9, 14 through 24, and 26 through 28 also 
recite similar limitations, we find that Appellants have also shown error in 
the Examiner's rejections of those claims. 

VI. CONCLUSION OF LAW 

Appellants have shown that the Examiner erred in concluding that the 
combination of Jacobson and Wallent renders claims 1 through 9, and 14 
through 28 unpatentable. 
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VII. DECISION 
We reverse the Examiner's decision to reject claims 1 through 9 and 
14 through 28. 

REVERSED 
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